I am creating an Excel Vbs script that is connecting to a ASP.Net application using Forms authentication. The connection works fine, the problem is that I am not able to extract the .ASPXAUTH cookie from it. Here is the script:
Sub GetAspCookie()
Dim objXmlHttpMain, URL
Dim strJSONToSend As String
strJSONToSend = "{""Username"":""myuser"",""Password"":""mypassword""}"
URL = "http://localhost/MySite/Account/Login"
Set objXmlHttpMain = CreateObject("WinHttp.WinHttpRequest.5.1")
On Error Resume Next
objXmlHttpMain.Open "POST", URL, False
objXmlHttpMain.SetRequestHeader "Connection", "Keep-Alive"
objXmlHttpMain.SetRequestHeader "Content-Type", "application/json"
objXmlHttpMain.Send (strJSONToSend)
strHeaders = objXmlHttpMain.GetAllResponseHeaders()
MsgBox strHeaders
'Both attempts below return empty cookie
'strCookie = objXmlHttpMain.GetResponseHeader("Cookie")
'strCookie = objXmlHttpMain.GetResponseHeader("Set-Cookie")
If Err Then 'handle errors
WScript.Echo Err.Description & " [0x" & Hex(Err.Number) & "]"
WScript.Quit 1
End If
On Error GoTo 0
End Sub
Here are my response headers showing up in my vbs message window:
The strange thing is that when I execute the same POST from POSTMAN I get this response which contains the .ASPXAUTH cookie inside of Set-Cookie:
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /MySite/Home/Index
Server: Microsoft-IIS/10.0
X-StackifyID: V1|b4e46c31-4679-4688-ae56-743d63cdc6fd|
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
Set-Cookie: .ASPXAUTH=4D423446F2578F5BC081006964A3909A4218E36C4D0A8E0F00D60D005606611F8783E2CBC0206438ABD603F08D1333C6E19C9AE3E92EB06580EFC19A43D31F4484F6534E598C7CB630DE3CA001BB4B3BBED300209EC103BCCA3E3ABA5AD3EC922D345CBC2135E4E6649056631C283EE3EF89A871D9DC7B3B...; path=/
X-Powered-By: ASP.NET
Date: Tue, 10 Apr 2018 22:22:44 GMT
Content-Length: 454
Why is my WinHttpRequest not returning the Set-Cookie response header?
